fwd:cloudsec North America 2024

Call for Participation (CFP)

Overview

In 2024, fwd:cloudsec North America is declaring independence from other cloud conferences and converging on the nation’s capital. In keeping with this theme, we want to hear tales of glorious victories, challenges, and escapes - blazing new trails of cloud security, independence, and resiliency. Tell us how you’ve pioneered novel approaches, journeyed into uncharted architecture, democratized cloud security tools, or defied dictated practices to reach new frontiers. This year’s tracks fall into 3 categories: Declaring Cloud Sovereignty, A Long Train of Abuses, and Democratizing Cloud Security Models and Organizations. If you choose to take a stand for cloud independence, read on for details to decide which track is your battle cry!

Who Should Submit

As an independent conference specifically focused on the needs of the cloud practitioner community, we’re particularly interested in presentations that don’t fit neatly into the main tracks of other cloud conferences.

We’re looking for talks from any practitioner who is responsible for securing a cloud service or service provider. The definition of “practitioner” here is deliberately vague - and definitely encompasses more than just “engineer”. The program committee specifically encourages new speakers, or those who’ve never spoken at a national conference before, to submit: some of our most memorable hallway conversations come from bringing together speakers of different backgrounds and experience levels, so we reserve time during reviews to provide feedback, develop and highlight the work of others. For more, see details below.

In order to help encourage participation, fwd:cloudsec has set aside several hotel rooms for speakers who will be covering their own travel. These rooms will be available to speakers whose employers are not covering their travel from Sunday night through Wednesday night.

Conference Format

We keep fwd:cloudsec small and approachable to encourage attendees to interact in real-time. All talks will be presented live in Arlington. We’re looking for talks that inspire others to ask questions and build together. As in previous years, we will be live-streaming the sessions and hosts will be soliciting questions from the in-person audience, Cloud Security Forum Slack and social media in real-time.

Themes for 2024

Track 1: Declare Cyber Sovereignty

Throw off the shackles of vendor lock-in and reclaim your cloud security autonomy! As Free and Independent Cloud Practitioners, we shall have full power to Release Software, Orchestrate Systems, Establish Automation and Declare Open-Source Alliances, and to do all other Acts and Things which our organizations may of right do. In this track, we ask your support in empowering the independent cloud practitioner community with your tools, techniques and practices: take a stand for independence and expand the frontier of security automation and orchestration - inspire and empower other young, scrappy, and hungry practitioners with the tools they need to automate incident response, threat detection, and remediation.

This track is your battle cry if you’re:

  • A security-conscious cloud practitioner seeking independence from vendor constraints
  • A DevOps guru who champions security as code and automates with open-source might
  • A builder of community, eager to share knowledge and collaborate on DIY security solutions
  • A visionary who sees the future of cloud security as open, collaborative, and accessible to all

Examples of talks to arm your arsenal include (but aren’t limited to):

  • Creating custom open-source SOAR and orchestration platforms. Ditch the subscription traps and leverage open-source alternatives to automate incident response, threat detection, and remediation.
  • Delivering DevOps with a security backbone. Build in security automation from the ground up, integrating seamlessly with your existing DevOps workflows and breaking free from proprietary vendor solutions.
  • Staking your claim on the future of open-source cloud security. Combining observability and threat detection? Incorporating AI and LLM with logging? Share how you are charting the course for a future where security automation tools are accessible, transparent, and community-driven.

Track 2: A long train of abuses and usurpations

Security teams have endured “a long train of abuses and usurpations” and in this track, we aim to understand what stands in our way as we uphold the inalienable rights of users to trust in their infrastructure, safety, and security. We are recruiting scouts bringing intelligence on vulnerabilities, IAM evaluation policies, and hidden APIs; explorers navigating indecipherable configurations, managing threat detection data, and empowering others to establish effective new guards for future security, resiliency, and usability of their cloud environments.

This track is your battle cry if you’re:

  • A researcher looking to share your insights on novel discoveries and approaches to “insecure-by-default” configurations
  • A builder tackling challenges like simplifying cross-tenant evaluation policies
  • An operator unraveling data and configuration complexities to establish integrity and resiliency of cloud services

Arm your arsenal with talks like:

  • Identification of misconfigurations and how to mitigate them before they occur, enabling developers to build systems safely at scale
  • Creating attribute-based or just-in-time dynamic and flexible patterns for accessing cloud resources
  • Designing high-fidelity, low-noise systems for managing, monitoring, and responding to threats

Track 3: Democratize Cloud Security Models and Organizations

In this track, we look for ways that establish “ties of our common kindred”, recognizing that our success comes not just from off-the-shelf best practices, but “concluding Peace, contracting Alliances, and establishing Commerce” across the organization. We want to hear about methodologies and case studies leading to architectures designed to support both large and small security teams, and creating accessibility through redefining models, architectures and best practices catering to the needs of junior professionals and seasoned experts alike.

This track is your battle cry if you’re:

  • An architect pioneering cutting-edge strategies for integrating technologies that deliver cloud security, independence, and resiliency across diverse cloud environments
  • A builder establishing a new frontier of bespoke cloud architectures
  • Governance, risk and compliance gurus applying new perspectives and breaking new ground on frameworks and assessments

Arm your arsenal with talks like:

  • Establishing new threat modeling paradigms in the age of multi-cloud and LLM
  • Shared responsibility and cloud governance. (Re)Defining a cloud bill of rights
  • Harmonizing cost effectiveness, security, and compliance across multi-cloud, hybrid cloud, and bring-your-own-cloud solutions

Join the vanguard of the “Declaration of Cloud Independence” - submit your proposal and let’s build a future where cloud security thrives on freedom, collaboration, and innovation! The call for proposals opens on January 22nd and closes on March 29th. Beginning January 22nd, you can submit your proposal via PreTalx. The conference encourages new and first-time speakers, and those who submit a proposal prior to February 16th have the opportunity to receive feedback on their submission.

Remember: We champion vendor-neutral, open-source approaches that empower every practitioner to be their own security sovereign.

What Not to Submit

All experience levels are welcome, but fwd:cloudsec attendees will typically have a fair amount of hands-on experience with cloud engineering and security. Introductory-level talks on broadly-deployed technologies, vendor presentations, or purely theoretical architecture talks will not be accepted and may not even be referred to the whole team for review.

As a smaller conference, we’re particularly looking for talks that spark discussion, challenges and hallway exchanges — not just lectures expected to be taken as gospel.

Speakers and reviewers are expected to disclose conflicts of interest - if research was paid for by a particular vendor, that’s not disqualifying but the chairs would like to know to ensure we stay neutral.

We want you to be selective in what you submit, so we are putting a few restrictions in place this year:

  • Any author may only submit up to two talks. Any talks submitted over two will not be accepted. Where multiple authors are speaking together, an author may be listed on only two talks or all of their talks may be rejected. If you want community feedback on half-formed ideas before submitting, great: many prior year attendees, speakers and review team members are still active in the #fwdcloudsec channel in the Cloud Security Forum Slack.
  • Talks must be submitted by the author / speaker, and not by PR agencies or marketing teams on the speaker’s behalf.

Disclosure Policy

We support responsible disclosure. As an independent conference, that does not mean giving vendors a veto over all possible presentation topics. Submitters should inform vendors of any discovered vulnerability as early as possible to give them a chance to patch the issue, and we won’t accept any talks that have not made good-faith efforts to work through their vulnerability disclosure processes. But beyond that - we admire the work Project Zero has done here: 90 days from notification is generally a reasonable time to patch an issue, plus 30 days to coordinate disclosure. After that time has elapsed, it may be more important to let the public know than to continue to keep the issue under wraps. If you still have disagreements as to whether a vulnerability should be presented, let’s talk through options.

Encouraging diverse and first-time speakers

We especially encourage first-time speakers, women, and members of other groups less represented at security conferences to present at fwd:cloudsec - first pass reviews by our committee members are performed “blind” (without author information attached), though as we approach final selections we strive to build a balanced program and are proud to have a review committee comprised of many different backgrounds.

If you’ve never spoken at a national conference before (something where most attendees do not live within a day’s drive), we’re especially interested in hearing from you and want to help you find the best fit talks. If you submit by February 16, we’ll share review committee feedback in depth and provide you a point of contact on the review committee who can offer suggestions to hone your talk for the fwd:cloudsec audience.

How to Submit

Most talks are expected to be 20-minute lightning talks on a single topic. There are a limited number of 40-minute slots available, so when proposing a 40-minute talk, please be sure to include an agenda that explains how you will use the additional time.

Submissions must include:

  • Speaker name(s) and contact information
  • Presentation title
  • Preferred talk length - 20-minute or 40-minute
  • Abstract (will be shown on the schedule); please do not include identifying information
  • Speaker bio(s), limited to 100 words
  • A detailed description of the talk: explain what you are presenting, and how you intend to cover the topic. Do you intend to include a demo or release code? Here is a good place to include that information.
  • How can the audience benefit from watching your talk live? Will there be Q&A, live demos, etc.
  • Other venues this talk has been presented or submitted
  • Any special presentation facilities that may be required (aside from power, projector, sound and Internet connectivity)
  • Any objections to having your talk recorded for future open access
  • If your topic relates to a tool or code you’ve written, is that tool or code open-source, or will it be made open-source by the end of the conference?

Schedule

  • January 22 - Call for Participants opens
  • Friday, February 16 - ROUND ONE SUBMISSIONS CLOSE at 23:59 Eastern Standard Time (GMT-5)
  • March 4 - Participants who submit by the Round One deadline will hear back from the program committee. First-time speakers who requested feedback and meet the submission criteria will receive feedback on how to improve during the second round.
  • Friday, March 29 - FINAL ROUND SUBMISSIONS CLOSE at 23:59 Eastern Daylight Time (GMT-4)
  • April 17 - Final acceptances, alternates and rejections are sent out
  • April 24 - Speakers must confirm attendance and hotel benefits (if applicable) by this date
  • April 29 - Schedule published to https://fwdcloudsec.org/
  • June 17-18 - fwd:cloudsec held in Arlington, VA and virtually

Submit your proposal

Proposals can be submitted via PreTalx.